prefapp · gustavoborragan · Oct 22, 2024 · Oct 22, 2024 · Oct 22, 2024 · Oct 22, 2024
@@ -31,7 +31,7 @@ module "aks" {
   key_vault_secrets_provider_enabled                   = var.key_vault_secrets_provider_enabled
   kubernetes_version                                   = var.aks_kubernetes_version
   load_balancer_profile_enabled                        = var.load_balancer_profile_enabled
-  load_balancer_profile_outbound_ip_address_ids        = [data.azurerm_public_ip.aks_public_ip.id]
+  load_balancer_profile_outbound_ip_address_ids        = var.load_balancer_profile_outbound_ip_address_enabled ? [for ip in data.azurerm_public_ip.aks_public_ip : ip.id] : null
   load_balancer_sku                                    = var.load_balancer_sku
   log_analytics_workspace_enabled                      = false
   network_contributor_role_assigned_subnet_ids         = { aks_subnet = data.azurerm_subnet.aks_subnet.id }

@@ -8,6 +8,7 @@ data "azurerm_subnet" "aks_subnet" {
 
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip
 data "azurerm_public_ip" "aks_public_ip" {
+  count               = var.load_balancer_profile_outbound_ip_address_enabled ? 1 : 0
   name                = var.public_ip_name
   resource_group_name = var.resource_group_name
 }
@@ -38,7 +38,7 @@ output "oidc_issuer_url" {
 }
 
 output "outbound_ip_address" {
-  value = data.azurerm_public_ip.aks_public_ip.id
+  value = data.azurerm_public_ip.aks_public_ip[0].id
 }
 
 # Data section

@@ -1,7 +1,7 @@
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment
 resource "azurerm_role_assignment" "role_assignment_network_contributor_over_public_ip_aks" {
-    count               = var.create_role_assignment_public_ip ? 1 : 0
-    scope               = data.azurerm_public_ip.aks_public_ip.id
+    count               = var.load_balancer_profile_outbound_ip_address_enabled ? 1 : 0
+    scope               = data.azurerm_public_ip.aks_public_ip[count.index].id
     role_definition_name = "Network Contributor"
     principal_id        = module.aks.cluster_identity.principal_id
 }
@@ -113,6 +113,12 @@ variable "load_balancer_sku" {
   default     = "standard"
 }
 
+variable "load_balancer_profile_outbound_ip_address_enabled" {
+  description = "Boolean value to enable or not the load balancer profile outbound ip address"
+  type        = bool
+  default     = false
+}
+
 variable "node_os_channel_upgrade" {
   description = "The automatic node channel upgrade setting for the AKS cluster"
   default     = "None"
@@ -268,10 +274,3 @@ variable "api_server_authorized_ip_ranges" {
   type        = list(string)
   default     = null
 }
-
-# Role assignment for public IP
-variable "create_role_assignment_public_ip" {
-  description = "Boolean value to create a role assignment for the public IP"
-  type        = bool
-  default     = false
-}